1pki-server-ocsp(8) PKI OCSP Management Commands pki-server-ocsp(8)
2
3
4
6 pki-server-ocsp - Command-line interface for managing PKI OCSP.
7
8
10 pki-server [CLI-options] ocsp-clone-prepare [command-options]
11 pki-server [CLI-options] ocsp-audit-event-find [command-options]
12 pki-server [CLI-options] ocsp-audit-event-enable [command-options]
13 event-ID
14 pki-server [CLI-options] ocsp-audit-event-modify [command-options]
15 event-ID
16 pki-server [CLI-options] ocsp-audit-event-disable [command-options]
17 event-ID
18 pki-server [CLI-options] ocsp-audit-file-find [command-options]
19 pki-server [CLI-options] ocsp-audit-file-verify [command-options]
20
21
23 The pki-server ocsp commands provide command-line interfaces to manage
24 PKI OCSP.
25
26
27 pki-server [CLI-options] ocsp [command-options]
28 This command is to list available PKI OCSP management commands.
29
30
31 pki-server [CLI-options] ocsp-clone-prepare [command-options]
32 This command export OCSP subsystem certificates into a PKCS #12
33 file with private keys.
34
35
36 pki-server [CLI-options] ocsp-audit-event-find [command-options]
37 This command list all the audit events which are enabled/disabled.
38
39
40 pki-server [CLI-options] ocsp-audit-event-enable [command-options]
41 event-ID
42 This command will enable audit events in the OCSP.
43
44
45 pki-server [CLI-options] ocsp-audit-event-disable [command-options]
46 event-ID
47 This command will disable audit events in the OCSP.
48
49
50 pki-server [CLI-options] ocsp-audit-event-modify [command-options]
51 event-ID
52 This command will modify the event filter for audit events.
53
54
55 pki-server [CLI-options] ocsp-audit-file-find [command-options]
56 This command lists the audit log files generated by the OCSP.
57
58
59 pki-server [CLI-options] ocsp-audit-file-verify [command-options]
60 This command will verify whether the signatures in the audit log
61 files are valid.
62
63
65 Logging audit events:
66
67
68 • AUDIT_LOG_STARTUP
69
70 • AUDIT_LOG_SHUTDOWN
71
72 • AUDIT_LOG_DELETE
73
74 • LOG_PATH_CHANGE
75
76 • LOG_EXPIRATION_CHANGE
77
78 • CONFIG_SIGNED_AUDIT
79
80
81
82 Authentication and authorization audit events:
83
84
85 • AUTHZ
86
87 • AUTH
88
89 • ROLE_ASSUME
90
91 • CONFIG_AUTH
92
93 • CONFIG_ROLE
94
95 • ACCESS_SESSION_ESTABLISH
96
97 • ACCESS_SESSION_TERMINATED
98
99
100
101 Key audit events:
102
103
104 • PRIVATE_KEY_ARCHIVE_REQUEST
105
106 • PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED
107
108 • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS
109
110 • CONFIG_TRUSTED_PUBLIC_KEY
111
112 • PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE
113
114 • KEY_RECOVERY_REQUEST
115
116 • KEY_RECOVERY_REQUEST_ASYNC
117
118 • KEY_RECOVERY_AGENT_LOGIN
119
120 • KEY_RECOVERY_REQUEST_PROCESSED
121
122 • KEY_RECOVERY_REQUEST_PROCESSED_ASYNC
123
124 • KEY_GEN_ASYMMETRIC
125
126 • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
127
128 • COMPUTE_SESSION_KEY_REQUEST
129
130 • COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
131
132 • DIVERSIFY_KEY_REQUEST
133
134 • DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
135
136 • DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
137
138 • SERVER_SIDE_KEYGEN_REQUEST
139
140 • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS
141
142 • SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE
143
144
145
146 CMC audit events:
147
148
149 • CMC_RESPONSE_SENT
150
151 • CMC_ID_POP_LINK_WITNESS
152
153 • CMC_SIGNED_REQUEST_SIG_VERIFY
154
155 • CMC_PROOF_OF_IDENTIFICATION
156
157 • CMC_REQUEST_RECEIVED
158
159 • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
160
161 • PROOF_OF_POSSESSION
162
163
164
165 Profile audit events:
166
167
168 • CONFIG_CERT_PROFILE
169
170 • CONFIG_CRL_PROFILE
171
172 • CONFIG_OCSP_PROFILE
173
174
175
176 Certificate audit events:
177
178
179 • CERT_SIGNING_INFO
180
181 • CERT_PROFILE_APPROVAL
182
183 • CERT_REQUEST_PROCESSED
184
185 • CERT_STATUS_CHANGE_REQUEST
186
187 • CERT_STATUS_CHANGE_REQUEST_PROCESSED
188
189 • CONFIG_CERT_POLICY
190
191 • PROFILE_CERT_REQUEST
192
193 • CIMC_CERT_VERIFICATION
194
195 • NON_PROFILE_CERT_REQUEST
196
197
198
199 ACL audit events:
200
201
202 • CONFIG_ACL
203
204
205
206 OCSP audit events:
207
208
209 • OCSP_SIGNING_INFO
210
211 • OCSP_GENERATION
212
213
214
215 CRL audit events:
216
217
218 • SCHEDULE_CRL_GENERATION
219
220 • DELTA_CRL_PUBLISHING
221
222 • CRL_VALIDATION
223
224 • CRL_RETRIEVAL
225
226 • CRL_SIGNING_INFO
227
228 • FULL_CRL_GENERATION
229
230 • DELTA_CRL_GENERATION
231
232
233
234 Authority audit events:
235
236
237 • AUTHORITY_CONFIG
238
239 • SECURITY_DOMAIN_UPDATE
240
241 • CONFIG_DRM
242
243
244
245 Selftest audit events:
246
247
248 • SELFTESTS_EXECUTION
249
250
251
252 Encryption data audit events:
253
254
255 • CONFIG_ENCRYPTION
256
257 • ENCRYPT_DATA_REQUEST
258
259 • ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
260
261 • ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
262
263 • COMPUTE_RANDOM_DATA_REQUEST
264
265 • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE
266
267 • COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS
268
269 • SECURITY_DATA_ARCHIVAL_REQUEST
270
271
272
273 Serial/random number audit event:
274
275
276 • INTER_BOUNDARY
277
278 • CONFIG_SERIAL_NUMBER
279
280 • RANDOM_GENERATION
281
282
283
285 pki-server(8)
286 PKI server management commands
287
288
290 Amol Kahat <akahat@redhat.com>.
291
292
294 Copyright (c) 2018 Red Hat, Inc. This is licensed under the GNU Gen‐
295 eral Public License, version 2 (GPLv2). A copy of this license is
296 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
297
298
299
300PKI Mar 21, 2018 pki-server-ocsp(8)